Screener copies of the latest movies provided to the awards voters for watching are some of most valuable assets of the entertainment industry. However, they somehow leak out online every year in close to perfect quality.

Now the studios have been testing Netflix-like systems that eliminate the need for physical discs to be sent out. One such system is available at Awards-Screeners.com, which is supposed to allow SAG-AFTRA members and other industry insiders to view the latest films in a secure environment. However, one security researcher has recently discovered an exposed MongoDB database while conducting tests, which appeared to be a part of Awards-Screeners.com. He explained that the database was running with no authentication required for access, entirely exposed to the open Internet.

By the way, the database contained over 1,200 user logins, including senior executives of the movie studios. Despite the fact that their hashed passwords would be difficult to crack, the database itself was publicly offering admin-level access, which means that any of the values in the database could have been changed to arbitrary values. This flaw could blow a hole in the screener system and have significant piracy and subsequent law enforcement implications. The researcher explained that a malicious person could log into any of the user accounts, screencap an unreleased movie and torrent it.

Keeping in mind that there might also be video watermark technology allowing to trace which account it came from, a malicious person can also frame any of the users for the distribution by using their account to do it.